[scponly] can not stfp

Erol KAHRAMAN erol.kahraman at gmail.com
Tue Feb 6 06:35:34 EST 2007


hi guys,

i solved my problem. I found somewhere in the internet that i need the
/dev/null device in jail directory. So,

# mkdir $scphome/dev
# mknod $scphome/dev/null c major minor (major and minor number depend on
your linux dist.)
# chmod 666 $scphome/dev/null

after creation of null device i can login now in my jail sftp directory.

On 2/1/07, Erol KAHRAMAN <erol.kahraman at gmail.com> wrote:
>
> the output files of strace command.
>
> On 2/1/07, Erol KAHRAMAN <erol.kahraman at gmail.com> wrote:
> >
> > hi Kabel,
> > Thanks for your advanced help. I executed ldconfig command and got the
> > output as follow;
> >
> > ldconfig -v -r /home/scponly
> > /lib:
> >         libaudit.so.0 -> libaudit.so.0
> >         libpam_misc.so.0 -> libpam_misc.so.0
> >         libglib-2.0.so.0 -> libglib-2.0.so.0
> >         libutil.so.1 -> libutil.so.1
> >         libpthread.so.0 -> libpthread.so.0
> >         libnsl.so.1 -> libnsl.so.1
> >         libcom_err.so.2 -> libcom_err.so.2
> >         libsepol.so.1 -> libsepol.so.1
> >         libacl.so.1 -> libacl.so.1
> >         libdl.so.2 -> libdl.so.2
> >         libselinux.so.1 -> libselinux.so.1
> >         librt.so.1 -> librt.so.1
> >         libresolv.so.2 -> libresolv.so.2
> >         libcrypto.so.6 -> libcrypto.so.6
> >         libgmodule-2.0.so.0 -> libgmodule-2.0.so.0
> >         libc.so.6 -> libc.so.6
> >         libgobject-2.0.so.0 -> libgobject-2.0.so.0
> >         libcrypt.so.1 -> libcrypt.so.1
> >         ld-linux.so.2 -> ld-linux.so.2
> >         libnss_compat.so.2 -> libnss_compat.so.2
> >         libattr.so.1 -> libattr.so.1
> >         libpam.so.0 -> libpam.so.0
> > /usr/lib:
> >         libz.so.1 -> libz.so.1
> >         libpopt.so.0 -> libpopt.so.0
> >         libuser.so.1 -> libuser.so.1
> >         libgssapi_krb5.so.2 -> libgssapi_krb5.so.2
> >         libk5crypto.so.3 -> libk5crypto.so.3
> >         libkrb5support.so.0 -> libkrb5support.so.0
> >         libkrb5.so.3 -> libkrb5.so.3
> > Ofcourse this don't solve my problem :((
> > After that, i strace may session and get the files. I attached them. I
> > try to analyse them but they are really complicated for me. If someone take
> > a look and give me some clues i will very very grateful.
> >
> > On 2/1/07, Kaleb Pederson < kibab at icehouse.net> wrote:
> > >
> > > Hi,
> > >
> > > Thanks for the useful debugging information.  It sounds like you have
> > > done
> > > everything right and that there is a problem with the sftp-server
> > > within the
> > > chroot.
> > >
> > > First, try verifying that the chroot is setup correctly and that the
> > > sftp-server doesn't have any missing files.  You should be able to use
> > > `ldconfig -v -r /home/scponly` to verify that all the shared libraries
> > > are in
> > > place.
> > >
> > > If that doesn't help, check out the debugging information on the FAQ,
> > > specifically the piece regarding strace.
> > >
> > > Let us know how it goes.
> > >
> > > Thanks.
> > >
> > > --Kaleb
> > >
> > > On Monday 29 January 2007 22:38, Erol KAHRAMAN wrote:
> > > > hi guys,
> > > >
> > > > i  just installed scponly on my FC6 box with jail options. But i can
> > > not
> > > > connet to my scponly server. I follow the following steps;
> > > > 1. tar xzvf scponly-*.tar.gz
> > > > 2. ./configure --enable-chrooted-binary --enable-scp-compat
> > > > --enable-sftp-logging-compat
> > > > 3. make
> > > > 4. make jail
> > > > after that i leave all options with default settings. Now, when i
> > > trying to
> > > > connet with sftp command i get the following logs; it looks like
> > > there is
> > > > not any error. What could be a problem ?
> > > > ...
> > > > Jan 29 15:13:48 scpserver sshd[30719]: Connection closed by
> > > 10.11.18.12
> > > > Jan 29 15:13:48 scpserver sshd[30720]: Accepted password for scponly
> > > from
> > > > 10.11.18.12 port 39499 ssh2
> > > > Jan 29 15:13:48 scpserver sshd[30720]: pam_unix(sshd:session):
> > > session
> > > > opened for user scponly by (uid=0)
> > > > Jan 29 15:13:48 scpserver sshd[30722]: subsystem request for sftp
> > > > Jan 29 15:13:48 scpserver scponly[30723]: chrooted binary in place,
> > > will
> > > > chroot()
> > > > Jan 29 15:13:48 scpserver scponly[30723]: 3 arguments in total.
> > > > Jan 29 15:13:48 scpserver scponly[30723]:         arg 0 is scponlyc
> > > > Jan 29 15:13:48 scpserver scponly[30723]:         arg 1 is -c
> > > > Jan 29 15:13:48 scpserver scponly[30723]:         arg 2 is
> > > > /usr/libexec/openssh/sftp -server
> > > > Jan 29 15:13:48 scpserver scponly[30723]: opened log at
> > > LOG_AUTHPRIV, opts
> > > > 0x00000029
> > > > Jan 29 15:13:48 scpserver scponly[30723]: retrieved home directory
> > > of
> > > > "/home/scponly" for user "scponly"
> > > > Jan 29 15:13:48 scpserver scponly[30723]: chrooting to dir:
> > > "/home/scponly"
> > > > Jan 29 15:13:48 scpserver scponly[30723]: chdiring to dir: "/"
> > > > Jan 29 13:13:48 scpserver scponly[30723]: setting uid to 502
> > > > Jan 29 13:13:48 scpserver scponly[30723]: processing request:
> > > > "/usr/libexec/openssh/sftp-server"
> > > > Jan 29 13:13:48 scpserver scponly[30723]: Unable to find "LOG_SFTP"
> > > in the
> > > > environment
> > > > Jan 29 13:13:48 scpserver scponly[30723]: Found "USER" and setting
> > > it to
> > > > "scponly"
> > > > Jan 29 13:13:48 scpserver scponly[30723]: Unable to find
> > > "SFTP_UMASK" in
> > > > the environment
> > > > Jan 29 13:13:48 scpserver scponly[30723]: Unable to find
> > > > "SFTP_PERMIT_CHMOD" in the environment
> > > > Jan 29 13:13:48 scpserver scponly[30723]: Unable to find
> > > > "SFTP_PERMIT_CHOWN" in the environment
> > > > Jan 29 13:13:48 scpserver scponly[30723]: Unable to find
> > > "SFTP_LOG_LEVEL"
> > > > in the environment
> > > > Jan 29 13:13:48 scpserver scponly[30723]: Unable to find
> > > > "SFTP_LOG_FACILITY" in the environment
> > > > Jan 29 13:13:48 scpserver scponly[30723]: Environment contains
> > > > "USER=scponly"
> > > > Jan 29 13:13:48 scpserver scponly[30723]: running:
> > > > /usr/libexec/openssh/sftp-server (username: scponly(502), IP/port:
> > > > 10.11.18.12 39499 2244)
> > > > Jan 29 15:13:48 scpserver sshd[30720]: pam_unix(sshd:session):
> > > session
> > > > closed for user scponly
> > >
> >
> >
> >
> > --
> > Erol KAHRAMAN
> > System Network Administrator
> >
>
>
>
> --
> Erol KAHRAMAN
> System Network Administrator
>
>


-- 
Erol KAHRAMAN
System Network Administrator
-------------- next part --------------
HTML attachment scrubbed and removed


More information about the scponly mailing list